Main Vulnerability Database Vulnerabilities #VU51886

#VU51886 Buffer overflow in Qualcomm products - CVE-2020-11210

Published: April 5, 2021

Vulnerability identifier: #VU51886

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-11210

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
AR8035
PM4125
PM4250
PM6125
PM6150A
PM6150L
PM6350
PM7250B
PM8008
PMD9655
PMI632
PMK8003
QAT3519
QAT3522
QAT3555
QAT5515
QAT5516
QCA6390
QCA9984
QCM2290
QCM4290
QCS2290
QCS4290
QDM2301
QDM2302
QET4101
QET6105
QPA4360
QPA4361
QPA6560
QPA8673
QSW6310
QSW8573
QSW8574
QTC410S
QTM525
SD460
SD480
SD662
SDR425
SDR660
SDR735
SDR735G
SM4125
SMB1351
SMB1354
SMB1355
SMB1396
SMR526
WCD9370
WCD9375
WCD9385
WCN3910
WCN3950
WCN3980
WCN3988
WCN3991
WCN3998
WCN3999
WCN6850
WGR7640
WSA8810
WSA8815
WTR2965
WTR3925
QCS405
SD665

Software vendor:
Qualcomm

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in RPM region due to improper XPU configuration. A malicious application can trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Install updates from vendor's website.

External links

https://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

#VU51886 Buffer overflow in Qualcomm products - CVE-2020-11210

Description

Remediation

External links

Please verify you're human